libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708) (#12140) · Issues · alpine / aports

libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)

An issue was discovered in libvncserver-0.9.12. There is a divide by zero in rfbSendRectEncodingRaw function in libvncserver/rfbserver.c. Attackers can launch a denial of service attack by sending a special message to the VNC server.

Fixed In Version:

libvncserver 0.9.13

Reference:

https://github.com/LibVNC/libvncserver/issues/409
https://security-tracker.debian.org/tracker/CVE-2020-25708

Patch:

https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba

Affected branches:

master (a522ceff)
3.12-stable (bd5545fe)

secfixes comment needs update

Edited Nov 26, 2020 by Natanael Copa

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information